package com.hoshiicloud.gateway.filter;

import com.hoshiicloud.auth.vo.TokenUsersVO;
import com.hoshiicloud.gateway.util.FilterUtil;
import com.hoshiicloud.gateway.util.TokenUtil;
import lombok.extern.slf4j.Slf4j;
import org.springframework.cloud.gateway.filter.GatewayFilter;
import org.springframework.cloud.gateway.filter.factory.AbstractGatewayFilterFactory;
import org.springframework.http.HttpHeaders;
import org.springframework.http.server.reactive.ServerHttpResponse;

import java.util.Arrays;
import java.util.List;

/**
 * @program: hoshiibuy
 * @description: url权限过滤器工厂
 * @author: Mr.wu
 * @create: 2019-07-02 16:40
 **/
@Slf4j
public class
UrlPermissionGatewayFilterFactory extends AbstractGatewayFilterFactory<UrlPermissionGatewayFilterFactory.Config> {

    private static final String KEY = "exceptionUrl";

    public UrlPermissionGatewayFilterFactory(){
        super(Config.class);
    }

    @Override
    public List<String> shortcutFieldOrder() {
        return Arrays.asList(KEY);
    }

    @Override
    public GatewayFilter apply(Config config) {
        return (exchange, chain) -> {
            log.info("权限检查开始");
            /**
             * url接口权限检查
             * 1.判断请求url是否为例外url,如果是直接通过
             * 2.获取请求头中的token
             * 3.解析token
             * 4.根据token中的username和platformId的md5值去redis中查找登录信息
             * 5.从登录信息中的权限url判断请求是否合法
             *  如token为空/token解析失败/token在redis中不存在/权限url不存在返回401错误(待定)
             */
            //TODO 匹配规则修改
            String requestUri=exchange.getRequest().getURI().getPath();
            log.info("请求地址{}",requestUri);
            if(config.getExceptionUrl()!=null){
                log.info("例外url:"+config.getExceptionUrl().toString());
            }
            if(config.getExceptionUrl()!=null && config.getExceptionUrl().contains(requestUri)){
                log.info("请求例外url,检查通过");
                return chain.filter(exchange);
            }
            HttpHeaders headers = exchange.getRequest().getHeaders();
            String jwtToken = headers.getFirst("X-Token");
            TokenUsersVO userInfo= TokenUtil.getUserInfoByJWT(jwtToken);
            ServerHttpResponse response = exchange.getResponse();
            if(userInfo==null){
                return FilterUtil.getUnauthResponse(response);
            }
            /*
            if(! userInfo.getToken().equals(jwtToken)){
                return FilterUtil.getUnauthResponse2(response);
            }
             */
            List<String> permissionUrlList= userInfo.getUrlList();
            boolean hasPermission=false;
            if(permissionUrlList!=null){
                for (String url:permissionUrlList){
                    if(url.equals(requestUri)){
                        hasPermission=true;
                        break;
                    }
                }
                if(hasPermission){
                    log.info("权限通过");
                    return chain.filter(exchange);
                }
            }
                log.info("请求"+requestUri+"没有权限");
                return chain.filter(exchange);
                //测试默认通过,无权限返回403错误
                //return FilterUtil.getUnauthResponse(response);
        };
    }

    public static class Config {
        //Put the configuration properties for your filter here
        private List<String> exceptionUrl;

        public List<String> getExceptionUrl() {
            return exceptionUrl;
        }

        public void setExceptionUrl(String exceptionUrl) {
            this.exceptionUrl = Arrays.asList(exceptionUrl.split("&")) ;
        }
    }
}
